I would utilize groups. Users can be in multiple groups. You can have "grp_users" assigned to the share for full read/write capability which allows all users to connect to the share and then limit permissions at the file/folder level. Here is a very simplified overview.
Example of Group (users):
Code:
grp_users (jon, joe, mary, jane)
grp_providers (jon, joe, jane)
grp_accounting (mary)
grp_nurse (joe, jane)
grp_doc (jon)
Folder structure (owner of folder):
Code:
share (grp_users)
|--> providers (grp_providers)
|--> accouting (grp_accounting)
|--> users (grp_users)
|--> jon (jon)
|--> joe (joe)
|--> mary (mary)
|--> jane (jane)
Bookmarks